I have a problem with ssh host keys being automatically generated(?). Our installation process looks like this:

1) Install IdM server and clients.
2) Generate ssh host keys for all machines in a special way because of a requirement about available entropy that is not
3) Distribute the new keys to all machines but do not install them. (Any required known_hosts files are also generated and distributed.)
4) Reboot all machines at the same time.
5) During reboot, a script installs the new keys and deletes the old ones (rsa and ecdsa format).

However, host key files in rsa and ecdsa format keep reappearing. I'm not exactly sure when this happens. Does it have something to do with sssd?

So, we need to disable
* automatic generation of ssh keys,
* restoring them from backups (in case some component does that).

Caching the keys in sssd would be in order if we can make sure that sssd does not cache the old keys at any time. Running "sss_cache -H" does not seem to affect the cached known_hosts file in /var/lib though.

I understand that IdM can manage host keys, but we don't want to use that feature because of the underlying system requirements, and we'll never add new machines anyway.

Ciao

Dominik ^_^ ^_^

--
Dominik Vogt
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
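A way to catch the symptom described above (host key files that do not match what was distributed), as an added example that is not part of the original post or of FreeIPA/sssd: it compares every `ssh_host_*_key.pub` in an sshd directory against the entries for this host in the distributed known_hosts file, assuming that file is unhashed and that each .pub file holds a single key line.

```shell
#!/bin/sh
# Hypothetical check, not from the original post: report any local host key
# whose type or key material has no matching entry for HOSTNAME in the
# distributed (unhashed) known_hosts file. A key that sshd or some other
# component regenerated behind the installer's back shows up as MISMATCH.
# Usage: check_host_keys KNOWN_HOSTS SSH_DIR HOSTNAME   (returns 1 on mismatch)
check_host_keys() {
    kh=$1; dir=$2; host=$3; rc=0
    for pub in "$dir"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        # public key file format: "<type> <base64> [comment]"
        ktype=$(awk 'NR == 1 {print $1}' "$pub")
        kdata=$(awk 'NR == 1 {print $2}' "$pub")
        # known_hosts format: "<host[,host...]> <type> <base64> [comment]"
        if awk -v h="$host" -v t="$ktype" -v k="$kdata" '
            $2 == t && $3 == k {
                n = split($1, names, ",")
                for (i = 1; i <= n; i++) if (names[i] == h) found = 1
            }
            END { exit found ? 0 : 1 }' "$kh"; then
            echo "ok: $pub ($ktype) matches the known_hosts entry for $host"
        else
            echo "MISMATCH: $pub ($ktype) has no known_hosts entry for $host"
            rc=1
        fi
    done
    return $rc
}
```

Run it from the post-reboot install script (or a cron job) against /etc/ssh and the distributed known_hosts to learn when the unexpected rsa/ecdsa files come back.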